 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
SQL Server Forum / General / Security / August 2006"Access denied" with xp_cmdshell (!)
Hello, I'm running this command on my SQL server and I'm getting an error 'Access denied.' EXEC master.dbo.xp_cmdshell 'cacls "\\PC1\Temp\3.bmp" \E \G DOMAIN\User:R' - My sql server service is running on a domain account and that account is and administrator in sql server computer and in computer PC1. - Directory "Temp" Sharing rights are "everyone - full control". - File 3.bmp permissions are that all admins get full control. This command works fine only when I set file permissions to "everyone - full control". SQL server version - MS SQL 2005 Standard edition x64 Thanks for help Vyckla If you recently made the domain account an administrator, you may need to restart Sql Server for those permissions to take effect. A change of permissions for an account won't affect processes already running as that account. Thanks  SignatureLaurentiu Cristofor [MSFT] Software Design Engineer SQL Server Engine http://blogs.msdn.com/lcris/ This posting is provided "AS IS" with no warranties, and confers no rights. > Hello, > [quoted text clipped - 18 lines] > > Vyckla But problem is that I have tried to give for that account full control seperately. I mean I added the permission entry "DOMAIN\SQLUser - Full control" to NTFS security and also to sharing security settings. Still waiting for help... Vycka > If you recently made the domain account an administrator, you may need to > restart Sql Server for those permissions to take effect. A change of [quoted text clipped - 27 lines] >> >> Vyckla Does the command work fine if you execute it from a prompt started as the service account? Have you checked both the permissions for the share and for the file? If the answer to both these questions is yes, then you might try to run file monitor to see where the access denied is coming from. See http://www.sysinternals.com/Utilities/Filemon.html. Thanks SignatureLaurentiu Cristofor [MSFT] Software Design Engineer SQL Server Engine http://blogs.msdn.com/lcris/ This posting is provided "AS IS" with no warranties, and confers no rights. > But problem is that I have tried to give for that account full control > seperately. I mean I added the permission entry "DOMAIN\SQLUser - Full [quoted text clipped - 35 lines] >>> >>> Vyckla > But problem is that I have tried to give for that account full control > seperately. I mean I added the permission entry "DOMAIN\SQLUser - Full > control" to NTFS security and also to sharing security settings. > > Still waiting for help... Try running the SET command under xp_cmdshell to dump the envioronment of the impersonation context that XP is using (to verify that it is the context you're expecting.) Also, is the Access Denied error being returned by the command shell, by CACLS or by SQL Server? -Mark > Vycka > [quoted text clipped - 29 lines] >>> >>> Vyckla |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.